From 07186243de2bf6b40e6981eac8a64755b6b23f78 Mon Sep 17 00:00:00 2001 From: Matt McEuen Date: Fri, 20 Jul 2018 16:32:30 -0500 Subject: [PATCH] Update Deckhand for latest HTK This updates Deckhand to be compatible with the current OpenStack-Helm Helm Toolkit. This includes: - Using HTK manifest templates - Refactoring values.yaml structure - Some other small cleanup Change-Id: Ib7c2451b46fab20935edb1c768ac56cc6353aa16 --- charts/deckhand/templates/configmap-bin.yaml | 5 + charts/deckhand/templates/configmap-etc.yaml | 28 ++-- charts/deckhand/templates/deployment.yaml | 9 +- charts/deckhand/templates/ingress-api.yaml | 33 +---- charts/deckhand/templates/job-db-init.yaml | 7 +- charts/deckhand/templates/job-db-sync.yaml | 7 +- .../templates/job-image-repo-sync.yaml | 20 +++ .../deckhand/templates/job-ks-endpoints.yaml | 82 +++-------- charts/deckhand/templates/job-ks-service.yaml | 78 +++-------- charts/deckhand/templates/job-ks-user.yaml | 82 +++-------- .../templates/secret-keystone-env.yaml | 3 +- .../deckhand/templates/service-ingress.yaml | 18 +-- charts/deckhand/templates/service.yaml | 16 +-- charts/deckhand/values.yaml | 132 ++++++++++++------ 14 files changed, 205 insertions(+), 315 deletions(-) create mode 100644 charts/deckhand/templates/job-image-repo-sync.yaml diff --git a/charts/deckhand/templates/configmap-bin.yaml b/charts/deckhand/templates/configmap-bin.yaml index 993de471..4b9e357d 100644 --- a/charts/deckhand/templates/configmap-bin.yaml +++ b/charts/deckhand/templates/configmap-bin.yaml @@ -1,3 +1,4 @@ +{{/* # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -9,6 +10,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} apiVersion: v1 kind: ConfigMap @@ -27,3 +31,4 @@ data: {{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} db-sync.sh: |+ {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/deckhand/templates/configmap-etc.yaml b/charts/deckhand/templates/configmap-etc.yaml index b019680c..10ee24b6 100644 --- a/charts/deckhand/templates/configmap-etc.yaml +++ b/charts/deckhand/templates/configmap-etc.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -11,54 +12,56 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} +{{- if .Values.manifests.configmap_etc }} {{- $envAll := . }} {{- if empty .Values.conf.deckhand.keystone_authtoken.auth_uri -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" | quote | trunc 0 -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_uri" -}} {{- end -}} # FIXME fix for broken keystonemiddleware oslo config gen in newton - will remove in future {{- if empty .Values.conf.deckhand.keystone_authtoken.auth_url -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "auth_url" -}} {{- end -}} # Add endpoint URI lookup for Deckhand Postgresql DB Connection {{- if empty .Values.conf.deckhand.database.connection -}} -{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" | quote | trunc 0 -}} +{{- tuple "postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.deckhand.database "connection" -}} {{- end -}} # Add endpoint URI lookup for memcached servers Connection {{- if empty .Values.conf.deckhand.keystone_authtoken.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . 
| include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.deckhand.keystone_authtoken "memcached_servers" -}} {{- end -}} # Add endpoint URI lookup for barbican {{- if empty .Values.conf.deckhand.barbican.api_endpoint -}} -{{- tuple "barbican" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" | quote | trunc 0 -}} +{{- tuple "key_manager" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.deckhand.barbican "api_endpoint" -}} {{- end -}} -{{- $userIdentity := .Values.endpoints.identity.auth.user -}} +{{- $userIdentity := .Values.endpoints.identity.auth.deckhand -}} {{- if empty .Values.conf.deckhand.keystone_authtoken.project_name -}} -{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name | quote | trunc 0 -}} +{{- set .Values.conf.deckhand.keystone_authtoken "project_name" $userIdentity.project_name -}} {{- end -}} {{- if empty .Values.conf.deckhand.keystone_authtoken.project_domain_name -}} -{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name | quote | trunc 0 -}} +{{- set .Values.conf.deckhand.keystone_authtoken "project_domain_name" $userIdentity.project_domain_name -}} {{- end -}} {{- if empty .Values.conf.deckhand.keystone_authtoken.user_domain_name -}} -{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name | quote | trunc 0 -}} +{{- set .Values.conf.deckhand.keystone_authtoken "user_domain_name" $userIdentity.user_domain_name -}} {{- end -}} {{- if empty .Values.conf.deckhand.keystone_authtoken.username -}} -{{- set .Values.conf.deckhand.keystone_authtoken 
"username" $userIdentity.username | quote | trunc 0 -}} +{{- set .Values.conf.deckhand.keystone_authtoken "username" $userIdentity.username -}} {{- end -}} {{- if empty .Values.conf.deckhand.keystone_authtoken.password -}} -{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password | quote | trunc 0 -}} +{{- set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password -}} {{- end -}} # Set a random string as secret key. {{- if empty .Values.conf.deckhand.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} +{{- randAlphaNum 64 | set .Values.conf.deckhand.keystone_authtoken "memcache_secret_key" -}} {{- end -}} --- @@ -75,3 +78,4 @@ data: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} policy.yaml: |+ {{ toYaml .Values.conf.policy | indent 4 }} +{{- end }} diff --git a/charts/deckhand/templates/deployment.yaml b/charts/deckhand/templates/deployment.yaml index 3d6ef259..ae2b84bf 100644 --- a/charts/deckhand/templates/deployment.yaml +++ b/charts/deckhand/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); 
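Review bot: Removing `| quote | trunc 0` from the `set` pipelines in the configmap-etc.yaml hunk leaves nothing to discard their result. As far as I know Sprig's `set` returns the dictionary it modified, so each action would print the whole `keystone_authtoken`, `database` or `barbican` map into the rendered template ahead of the `---`. Those maps hold `password`, `memcache_secret_key` and the authenticated PostgreSQL connection URI, so the values would appear in `helm template` output and stored release manifests, and the stray text may also break YAML parsing. Assign the result to a throwaway variable on every `set` line in the hunk, e.g. `{{- $_ := set .Values.conf.deckhand.keystone_authtoken "password" $userIdentity.password -}}`.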
@@ -11,14 +12,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{- if .Values.manifests.deployment }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.deckhand }} {{- $mounts_deckhand := .Values.pod.mounts.deckhand.deckhand }} {{- $mounts_deckhand_init := .Values.pod.mounts.deckhand.init_container }} {{- $serviceAccountName := "deckhand" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "deckhand" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1beta1 kind: Deployment @@ -37,11 +38,11 @@ spec: spec: serviceAccountName: {{ $serviceAccountName }} nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }} restartPolicy: Always initContainers: -{{ tuple $envAll $dependencies $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "deckhand" $mounts_deckhand_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: deckhand-api env: diff --git a/charts/deckhand/templates/ingress-api.yaml b/charts/deckhand/templates/ingress-api.yaml index 40410743..d9b15cf6 100644 --- a/charts/deckhand/templates/ingress-api.yaml +++ b/charts/deckhand/templates/ingress-api.yaml 
@@ -14,34 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.ingress_api }} -{{- $envAll := . }} -{{- if .Values.network.ingress.public }} -{{- $backendServiceType := "deckhand" }} -{{- $backendPort := "http" }} -{{- $ingressName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostName := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -{{- $hostNameNamespaced := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }} -{{- $hostNameFull := tuple $backendServiceType "public" $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $ingressName }} - annotations: - kubernetes.io/ingress.class: "nginx" - ingress.kubernetes.io/rewrite-target: / -spec: - rules: -{{- range $key1, $vHost := tuple $hostName $hostNameNamespaced $hostNameFull }} - - host: {{ $vHost }} - http: - paths: - - path: / - backend: - serviceName: {{ $backendName }} - servicePort: {{ $backendPort }} -{{- end }} -{{- end }} +{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} +{{- $ingressOpts := dict "envAll" . "backendServiceType" "deckhand" "backendPort" "http" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{- end }} diff --git a/charts/deckhand/templates/job-db-init.yaml b/charts/deckhand/templates/job-db-init.yaml index 4019ac6f..4624d09d 100644 --- a/charts/deckhand/templates/job-db-init.yaml +++ b/charts/deckhand/templates/job-db-init.yaml 
@@ -16,11 +16,10 @@ limitations under the License. {{- if .Values.manifests.job_db_init }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_init }} {{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }} {{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }} {{- $serviceAccountName := "deckhand-db-init" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_init" $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: deckhand-db-init image: {{ .Values.images.tags.db_init | quote }} diff --git a/charts/deckhand/templates/job-db-sync.yaml b/charts/deckhand/templates/job-db-sync.yaml index 5098ec20..0320424d 100644 --- a/charts/deckhand/templates/job-db-sync.yaml +++ b/charts/deckhand/templates/job-db-sync.yaml 
@@ -16,11 +16,10 @@ limitations under the License. {{- if .Values.manifests.job_db_sync }} {{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} {{- $mounts_deckhand_db_sync := .Values.pod.mounts.deckhand_db_sync.deckhand_db_sync }} {{- $mounts_deckhand_db_sync_init := .Values.pod.mounts.deckhand_db_sync.init_container }} {{- $serviceAccountName := "deckhand-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{ tuple $envAll "db_sync" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -35,9 +34,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "db_sync" $mounts_deckhand_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: deckhand-db-sync image: {{ .Values.images.tags.db_sync | quote }} diff --git a/charts/deckhand/templates/job-image-repo-sync.yaml b/charts/deckhand/templates/job-image-repo-sync.yaml new file mode 100644 index 00000000..a9233db3 --- /dev/null +++ b/charts/deckhand/templates/job-image-repo-sync.yaml 
@@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "deckhand" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/charts/deckhand/templates/job-ks-endpoints.yaml b/charts/deckhand/templates/job-ks-endpoints.yaml index f088579e..264fa8ad 100644 --- a/charts/deckhand/templates/job-ks-endpoints.yaml +++ b/charts/deckhand/templates/job-ks-endpoints.yaml 
@@ -1,68 +1,20 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} {{- if .Values.manifests.job_ks_endpoints }} -{{- $envAll := . 
}} -{{- $dependencies := .Values.dependencies.ks_endpoints }} -{{- $serviceAccountName := "deckhand-ks-endpoints" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: deckhand-ks-endpoints -spec: - template: - metadata: - labels: -{{ tuple $envAll "deckhand" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -{{- range $key1, $osServiceType := tuple "deckhand" }} -{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} - - name: {{ $osServiceType }}-ks-endpoints-{{ $osServiceEndPoint }} - image: {{ $envAll.Values.images.tags.ks_endpoints }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_endpoints | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-endpoints.sh - volumeMounts: - - name: ks-endpoints-sh - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- $ksServiceJob := dict "envAll" . 
"serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} {{- end }} - - name: OS_SVC_ENDPOINT - value: {{ $osServiceEndPoint }} - - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} - - name: OS_SERVICE_TYPE - value: {{ $osServiceType }} - - name: OS_SERVICE_ENDPOINT - value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} -{{- end }} -{{- end }} - volumes: - - name: ks-endpoints-sh - configMap: - name: deckhand-bin - defaultMode: 0555 -{{- end -}} diff --git a/charts/deckhand/templates/job-ks-service.yaml b/charts/deckhand/templates/job-ks-service.yaml index 631b357e..c857be8e 100644 --- a/charts/deckhand/templates/job-ks-service.yaml +++ b/charts/deckhand/templates/job-ks-service.yaml 
@@ -1,64 +1,20 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +{{/* +Copyright 2017 The Openstack-Helm Authors. -{{- if .Values.manifests.job_ks_service -}} +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at -{{- $envAll := . }} -{{- $ksAdminSecret := .Values.secrets.identity.admin }} -{{- $dependencies := .Values.dependencies.ks_service }} -{{- $serviceAccountName := "deckhand-ks-service" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: deckhand-ks-service -spec: - template: - metadata: - labels: -{{ tuple $envAll "deckhand" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -{{- range $key1, $osServiceType := tuple "deckhand" }} - - name: {{ $osServiceType }}-ks-service-registration - image: {{ $envAll.Values.images.tags.ks_service }} - imagePullPolicy: {{ $envAll.Values.images.pull_policy }} -{{ tuple $envAll 
$envAll.Values.pod.resources.jobs.ks_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-service.sh - volumeMounts: - - name: ks-service-sh - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_service }} +{{- $ksServiceJob := dict "envAll" . "serviceName" "deckhand" "serviceTypes" ( tuple "deckhand" ) -}} +{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} {{- end }} - - name: OS_SERVICE_NAME - value: {{ tuple $osServiceType $envAll | include "helm-toolkit.endpoints.keystone_endpoint_name_lookup" }} - - name: OS_SERVICE_TYPE - value: {{ $osServiceType }} -{{- end }} - volumes: - - name: ks-service-sh - configMap: - name: deckhand-bin - defaultMode: 0555 -{{- end -}} diff --git a/charts/deckhand/templates/job-ks-user.yaml b/charts/deckhand/templates/job-ks-user.yaml index 0780396d..97afa9fc 100644 --- a/charts/deckhand/templates/job-ks-user.yaml +++ b/charts/deckhand/templates/job-ks-user.yaml 
@@ -1,68 +1,20 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} {{- if .Values.manifests.job_ks_user }} - -{{- $ksAdminSecret := .Values.secrets.identity.admin }} -{{- $ksUserSecret := .Values.secrets.identity.user }} -{{- $envAll := . 
}} -{{- $dependencies := .Values.dependencies.ks_user }} -{{- $serviceAccountName := "deckhand-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: deckhand-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: deckhand-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $ksAdminSecret }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- $ksUserJob := dict "envAll" . 
"serviceName" "deckhand" -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: {{ $envAll.Values.endpoints.deckhand.name | quote }} - - name: SERVICE_OS_DOMAIN_NAME - value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }} -{{- with $env := dict "ksUserSecret" $ksUserSecret }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: deckhand-bin - defaultMode: 0555 -{{- end -}} diff --git a/charts/deckhand/templates/secret-keystone-env.yaml b/charts/deckhand/templates/secret-keystone-env.yaml index 94ea6e74..cf597bae 100644 --- a/charts/deckhand/templates/secret-keystone-env.yaml +++ b/charts/deckhand/templates/secret-keystone-env.yaml @@ -11,9 +11,10 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} + {{- if .Values.manifests.secret_keystone }} {{- $envAll := . }} -{{- range $key1, $userClass := tuple "admin" "user" }} +{{- range $key1, $userClass := tuple "admin" "deckhand" }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }} --- apiVersion: v1 diff --git a/charts/deckhand/templates/service-ingress.yaml b/charts/deckhand/templates/service-ingress.yaml index 26d35e33..3d621125 100644 --- a/charts/deckhand/templates/service-ingress.yaml +++ b/charts/deckhand/templates/service-ingress.yaml 
@@ -14,19 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service_ingress }} -{{- $envAll := . }} -{{- if .Values.network.ingress.public }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ tuple "deckhand" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: http - port: 80 - selector: - app: ingress-api -{{- end }} +{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} +{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "deckhand" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{- end }} diff --git a/charts/deckhand/templates/service.yaml b/charts/deckhand/templates/service.yaml index 14c95608..12598496 100644 --- a/charts/deckhand/templates/service.yaml +++ b/charts/deckhand/templates/service.yaml @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if .Values.manifests.service }} +{{- if .Values.manifests.service_api }} {{- $envAll := . }} --- apiVersion: v1 
@@ -23,21 +23,21 @@ metadata: name: {{ tuple "deckhand" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - {{ if .Values.network.enable_node_port }} + {{ if .Values.network.api.node_port.enabled }} - name: http - nodePort: {{ .Values.network.node_port }} - port: {{ .Values.network.port }} + nodePort: {{ .Values.network.api.node_port }} + port: {{ .Values.network.api.port }} protocol: TCP - targetPort: {{ .Values.network.port }} + targetPort: {{ .Values.network.api.port }} {{ else }} - name: http - port: {{ .Values.network.port }} + port: {{ tuple "deckhand" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} protocol: TCP - targetPort: {{ .Values.network.port }} + targetPort: {{ .Values.network.api.port }} {{ end }} selector: {{ tuple $envAll "deckhand" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - {{ if .Values.network.enable_node_port }} + {{ if .Values.network.api.enable_node_port }} type: NodePort {{ end }} {{- end }} diff --git a/charts/deckhand/values.yaml b/charts/deckhand/values.yaml index 2bab287c..363bc884 100644 --- a/charts/deckhand/values.yaml +++ b/charts/deckhand/values.yaml @@ -15,8 +15,15 @@ # This file provides defaults for deckhand labels: - node_selector_key: ucp-control-plane - node_selector_value: enabled + api: + node_selector_key: ucp-control-plane + node_selector_value: enabled + job: + node_selector_key: ucp-control-plane + node_selector_value: enabled + test: + node_selector_key: ucp-control-plane + node_selector_value: enabled images: tags: 
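Review bot: The node-port handling in the service.yaml hunk is only half migrated to the new values layout. The first guard reads `.Values.network.api.node_port.enabled`, but the guard around `type: NodePort` still reads `.Values.network.api.enable_node_port`, a key the reworked values.yaml does not appear to define, so a Service with `nodePort` set would stay at the default type. `nodePort: {{ .Values.network.api.node_port }}` also now points at a mapping rather than a number. Suggested lines: `nodePort: {{ .Values.network.api.node_port.port }}` and `{{ if .Values.network.api.node_port.enabled }}` for the type guard. `targetPort` reads `.Values.network.api.port`, for which no default is visible in the values.yaml hunks on this page; confirm it resolves, or reuse the `endpoint_port_lookup` call already used for `port`.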
@@ -24,65 +31,98 @@ images: dep_check: "quay.io/stackanetes/kubernetes-entrypoint:v0.3.1" db_init: docker.io/postgres:9.5 db_sync: quay.io/attcomdev/deckhand:latest + image_repo_sync: docker.io/docker:17.07.0 ks_endpoints: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_user: docker.io/openstackhelm/heat:newton pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync release_group: null network: - ingress: - public: true - port: 9000 - node_port: 31902 - enable_node_port: false + api: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + node_port: + enabled: false + port: 301902 dependencies: - db_init: - services: - - service: postgresql - endpoint: internal - db_sync: - jobs: - - deckhand-db-init - services: - - service: postgresql - endpoint: internal - ks_user: - services: - - service: identity - endpoint: internal - ks_service: - services: - - service: identity - endpoint: internal - ks_endpoints: - jobs: - - deckhand-ks-service - services: - - service: identity - endpoint: internal - deckhand: - jobs: - - deckhand-ks-endpoints - - deckhand-ks-user - - deckhand-ks-endpoints - services: - - service: identity - endpoint: internal - - service: key_manager - endpoint: internal + dynamic: + common: + local_image_registry: + jobs: + - glance-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + db_init: + services: + - service: postgresql + endpoint: internal + db_sync: + jobs: + - deckhand-db-init + services: + - service: postgresql + endpoint: internal + ks_user: + services: + - service: identity + endpoint: internal + ks_service: + services: + - service: identity + endpoint: internal + ks_endpoints: + jobs: + - deckhand-ks-service + services: + - service: identity + endpoint: internal + deckhand: + jobs: + - deckhand-ks-endpoints + - 
deckhand-ks-user + - deckhand-ks-endpoints + services: + - service: identity + endpoint: internal + - service: key_manager + endpoint: internal # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 identity: name: keystone auth: - user: + deckhand: region_name: RegionOne role: admin project_name: service @@ -172,7 +212,7 @@ endpoints: secrets: identity: admin: deckhand-keystone-admin - user: deckhand-keystone-user + deckhand: deckhand-keystone-user postgresql: admin: deckhand-db-admin user: deckhand-db-user @@ -339,15 +379,15 @@ manifests: configmap_bin: true configmap_etc: true deployment: true + ingress_api: true job_db_init: true job_db_sync: true + job_image_repo_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true secret_db: true secret_keystone: true service_api: true - ingress_api: true - service: true - service_ingress: true + service_ingress_api: true test_deckhand_api: true
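Review bot: `port: 301902` in the new `network.api` block of values.yaml is not a valid port, since ports stop at 65535 and the removed default was `node_port: 31902`, so enabling the node port would produce a Service the API server rejects; `port: 31902` looks intended. In the same hunk, `dependencies.dynamic.common.local_image_registry.jobs` lists `glance-image-repo-sync`, which looks copied from another chart. With `serviceName` set to `deckhand` in job-image-repo-sync.yaml the job is presumably named `deckhand-image-repo-sync`, so with `local_registry.active` set to true the init containers would wait on a job this chart never creates. The `static.deckhand.jobs` list also carries `deckhand-ks-endpoints` twice; check whether the second entry was meant to be another job. Whitespace is collapsed on this page, so the exact nesting of these keys could not be confirmed.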